Update instructions for rich text custom rendering [ci-skip] #44421

Merged

jonathanhefner
Member

Since #43110, we no longer generate .scss files by default.

This commit:

  • Changes remaining .scss filenames to .css.
  • Updates the instructions for omitting the default Trix styles.
  • Eliminates repetitive use of the word "default".
  • Reorders the content slightly for better flow.

@jonathanhefner jonathanhefner self-assigned this Feb 13, 2022
@rails-bot rails-bot bot added the docs label Feb 13, 2022
Member

@p8 p8 left a comment

Looks great!

@jonathanhefner jonathanhefner merged commit 93c1405 into rails:main Feb 14, 2022
jonathanhefner added a commit to jonathanhefner/rails that referenced this pull request Feb 14, 2022
…custom-rendering

Update instructions for rich text custom rendering [ci-skip]

(cherry picked from commit 93c1405)
@@ -113,16 +113,8 @@ end

## Rendering Rich Text content

Action Text will sanitize and render rich content on your behalf.
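
Review bot: The sentence "Action Text will sanitize and render rich content on your behalf." at the top of this hunk is the section's statement of its security behaviour, and the hunk shrinks from 16 lines to 8. Check that the rewritten text under "## Rendering Rich Text content" still says that rendered rich text is sanitized; if it does not, keep this sentence or an equivalent one so readers are not left to infer it.
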
Contributor

@jonathanhefner @p8 with the removal of this line, the Action Text Overview only mentions "sanitization" in one place:

And finally, display the sanitized rich text on a page:
```erb
<%= @message.content %>
```

Surprisingly, neither ActionText::RichText nor ActionText::Content mention anything about sanitizing content in their RDoc comments.

Securing Rails Applications doesn't mention Action Text at all, nor does it mention that it's serialized by rails-html-sanitizer.

Was the removal of this line intentional, or accidental? Where would be the most appropriate place to improve the Action Text documentation with regard to its security implications?

Contributor

I've opened #49696 to try and expand upon sanitization support.
